1. Field of the Invention
The present disclosure relates to identity management systems. More specifically, the present disclosure relates to a business-responsibility-centric identity management system.
2. Related Art
Most currently available identity management (IdM) systems are provisioned at the information technology (IT) resource level. An IT resource is a representation of target systems, such as software applications and computer systems, which are provisioned by an IdM system for user access. As a result, the IdM system can provide information on a user's access to the IT resource. However, current IdM systems do not provide detailed information on a user's business responsibilities.
At present, most legislation and regulatory requirements, such as the Sarbanes-Oxley Act (SOX), the Health Insurance Portability and Accountability Act (HIPAA), and the Statement on Auditing Standards No. 70: Service Organizations (SAS70), are concerned with the specific business responsibilities a user has rather than with the user's access to IT resources.
In addition, it is sometimes difficult to determine which business responsibility is granted to a user if the IdM system manages the user's identity and access at the system level. In other words, even when one knows which groups, roles, or functions on a specific system a user has access to, there is no way to identify which business responsibility the user is able to perform. Traditionally, in order to comply with the legislation and regulatory requirements, manual effort and additional data processing based on information lookup are often needed.